mirrors/dozzle
1
0
Fork 0
mirror of https://github.com/amir20/dozzle.git synced 2025-12-24 06:28:42 +01:00
Code Issues Projects Releases Wiki Activity

Fixes security error with invalid session

Browse Source
This commit is contained in:
Amir Raminfar
2021-04-11 13:53:16 -07:00
parent c89e70d697
commit 2bbbb5f7a5
2 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
web/auth.go
View File

@@ -27,8 +27,7 @@ func initializeAuth(h *handler) {
func authorizationRequired(f http.HandlerFunc) http.Handler {
if secured {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
session, _ := store.Get(r, sessionName)
if session.IsNew {
if isAuthorized(r) {
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
} else {
@@ -40,7 +39,7 @@ func authorizationRequired(f http.HandlerFunc) http.Handler {
}
}
func (h *handler) isAuthorized(r *http.Request) bool {
func isAuthorized(r *http.Request) bool {
if !secured {
return true
}
@@ -59,7 +58,7 @@ func (h *handler) isAuthorized(r *http.Request) bool {
}
func (h *handler) isAuthorizationNeeded(r *http.Request) bool {
return secured && !h.isAuthorized(r)
return secured && !isAuthorized(r)
}
func (h *handler) validateCredentials(w http.ResponseWriter, r *http.Request) {